A recent ransomware attack partially shut down Baltimore's Public Works and Parks Departments. The city had to suspend Public Works' customer support, billing for the Parks Department, and vehicle intake at an impound lot.

Experts believe that the ransomware did not result from spam email, although they have not stated the source.

According to the president of the Baltimore City Council, there is no evidence that cybercriminals stole personal data from the city's system, but the city has shut down a majority of its servers as a precautionary measure.

A ransom message on affected computers demanded that the city pay three Bitcoins, or around $76,000, to restore its disabled services. City officials did not say whether they would pay the ransom.

This ransomware attack resembled other cyberattacks against cities. In April, the RobbinHood virus crippled Greenville, North Carolina's computers. In March 2018, a cyberattack shut down internet service at Atlanta's airport. In that attack, cybercriminals demanded $51,000, which city officials may or may not have paid. A previous attack against Baltimore hamstrung the city's 911 and 311 automated message systems.

In the two years prior to March 2018, there were 184 cyberattacks against local government and public safety agencies in the U.S. that affected hospitals, transportation, billing, communications, and other services. J. Brian Charles "After Second Ransomware Attack in 14 Months, Baltimore Refuses to Pay" governing.com (May 08, 2019).

Commentary

Ransomware can hamstring your organization, whether you are a small operation, a major U.S. city, or a large corporation.

The FBI and cybersecurity experts recommend never paying cybercriminals a ransom. They say that paying incentivizes ransomware attacks. It will lead to more cybercriminals with more targets.

Email phishing scams are the main way that cybercriminals commence a ransomware attack. Cybercriminals will often create fake emails that look like they are coming from a coworker, a known vendor, or other familiar source. Employee training should focus on the risk of phishing emails from downloading unknown, unverified attachments or clicking on unknown links.

In addition to training, organizations can protect their network by partitioning it. That way, if cybercriminals do infect part of your network, it will not shut down your entire operation.

In addition, if you have data that does not need to be accessed online, store it on computers that are not connected to the internet.

Routinely back up all information that is essential for operations onto a hard drive that is not connected to the internet. Having data stored where cybercriminals cannot access it means you can resume operations even if ransomware locks you out of your network.